8APRIL 2021IN MYOPINIONIn the construction industry, and at Austin Industries, the disciplines of both accounting and financial management face disruptions on several technological fronts. Yet, the most prevalent at our organization remains cybersecurity. As CFO, the security of our financial assets is my number one priority. Though we face many threats, we believeemail protection and banking security are first and foremostin our cyber defense strategy.As our company has grown in recent years, we've expanded our digital footprint, implementing cloud-based solutions for dated manual processes and paper-based record keeping. As a result,our employee-owners, customers, and business partners alike have become accustomed to these new solutions. Trust in digital solutions has grown, and complacency has emerged as a new risk. Without consistent communication and education on the importance of cybersecurity, we risk exposing ourselves to threats simply not possible before the advent of cloud-based computing.Email protectionAt Austin, we've communicated extensively with our employee-owners on the dangers of email phishing schemes.We recognize that anyone within an organization, from senior management to college interns,may fall victim to a phishing scheme that putstheentire network at risk.It is critical that all employees know to exercise caution when opening and reviewing emails.All should look closely at the sender and contents of each email.All should use caution when clicking on embedded links and NEVER provide company credentials, usernames, or passwords.To enhance our approach, we've made important adjustments to company email and network security to keep phishing schemes from accessing our systems.At Austin, we flag all email that originates from outside our company, making it easy for employee-owners to know which messages are internal and which come from external entities.Many modern email clients have embedded cybersecurity and anti-phishing options to help users identify and flag potentially harmful messages, and we encourage our people to take advantage of these tools. In our experience, the most potentially damaging phishing schemes have targeted ourpeople and led them to believe the message received is from within the organization and is urgent. This false sense of urgency is another technique to prompt users to make quick, less thoughtful decisions about whether to respond to an email message. Education is key to properly equip employees to recognize such phishing schemes.Austin flags each incoming email originating outside the company with an "EXT" tag, to make it instantly recognizable in our employee-owners' inbox. We also use bright colors to mark such messages to make them stand apart from internal messages. As an added layer of safety, we identify harmful attachments before they reach the user's inbox. We make a practice of reviewing all licensing and maintenance agreements for email client and server software to ensure we take advantage of all protections offered.Banking securityAt Austin, we recognize there are times when the old tried-and-true methods work best. For banking security, verbal verification is an effective method to ensure banking inquiries and changes are legitimate. Take direct deposit as an example. We recommend establishing a company policy to contact employees by phone to confirm changes to direct deposit. If an organization allows electronic submission for payroll or direct deposit information, safeguards must be in place to ensure the requests are not fraudulent.Personally, I have seen too many occasions when an CYBERSECURITY: FINANCE'S DIGITAL FRONTIERBy Joe McLaughlin, Chief Financial Officer, Austin Industries
< Page 7 | Page 9 >